<!DOCTYPE HTML>
<html>
    <head>
        <link href="stylesheet.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
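    <?php
      /*
       * Admin page body: a "Home" button that posts to admin_main_menu.php, and
       * the "Create Account" form, which posts back to this same URL and is
       * processed by the PHP block later in this file.
       *
       * Markup fixes in this section: the form now wraps the table instead of
       * being opened inside it, and the stray closing div, the closing br tag and
       * the list item without a list are gone. Field names and form targets are
       * unchanged.
       *
       * The required/type attributes are browser-side conveniences only; the
       * server-side handler remains the authority for validation.
       * autocomplete="new-password" keeps the browser from offering the signed-in
       * admin's own saved password for the account being created.
       *
       * NOTE(review): this form renders no anti-CSRF token and the handler in
       * this file checks none. Because the form can create admin accounts, a
       * per-session token should be added to the form and verified server-side
       * in the same change.
       */
    ?>
    <h1 style="text-align: center; font-family: 'Edwardian Script ITC';">Add/Edit/Delete Users</h1>
    <form method="post" action="admin_main_menu.php">
      <input type="submit" value="Home" style="float: left;">
    </form>
    <br><br>
    <h2 style="font-size: 25pt; font-weight: normal; margin: 0;">Create Account</h2>
    <br>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, 'UTF-8'); ?>">
      <table border="1">
        <tr>
          <td><label for="firstname" style="font-size: 20pt;">First Name:</label></td>
          <td><input type="text" id="firstname" name="firstname" value="" required> <span style="color: red;">*</span></td>
        </tr>
        <tr>
          <td><label for="lastname" style="font-size: 20pt;">Last Name:</label></td>
          <td><input type="text" id="lastname" name="lastname" value="" required><span style="color: red;">*</span></td>
        </tr>
        <tr>
          <td><label for="username" style="font-size: 20pt;">Username:</label></td>
          <td><input type="text" id="username" name="username" value="" required><span style="color: red;">*</span></td>
        </tr>
        <tr>
          <td><label for="phoneNumber" style="font-size: 20pt;">Phone Number:</label></td>
          <td><input type="tel" id="phoneNumber" name="phoneNumber" value="" required><span style="color: red;">*</span></td>
        </tr>
        <tr>
          <td><label for="email" style="font-size: 20pt;">Email:</label></td>
          <td><input type="email" id="email" name="email" value="" required><span style="color: red;">*</span></td>
        </tr>
        <tr>
          <td><label for="password" style="font-size: 20pt;">Password:</label></td>
          <td><input type="password" id="password" name="password" value="" autocomplete="new-password" required><span style="color: red;">*</span></td>
        </tr>
        <tr>
          <td><label for="confirmPassword" style="font-size: 20pt;">Confirm Password:</label></td>
          <td><input type="password" id="confirmPassword" name="confirmPassword" value="" autocomplete="new-password" required><span style="color: red;">*</span></td>
        </tr>
        <tr>
          <td><label for="isAdmin">Make Admin?</label><span style="color: red;">*</span></td>
          <td>
            <select id="isAdmin" name="isAdmin">
              <option value="no" selected>no</option>
              <option value="yes">yes</option>
            </select>
          </td>
        </tr>
      </table>
      <input type="submit" name="addUser" value="Add User">
    </form>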
    
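    <?php
      /*
       * Handler for the "Add User" form on this page: opens the MySQL connection,
       * validates the posted fields and, when every check passes, inserts one row
       * into `users`.
       *
       * NOTE(review): no session or role check is visible in this file, yet this
       * handler can create admin accounts. Confirm that access control is
       * enforced before this code runs (web server rule or an include that is not
       * shown here).
       * NOTE(review): no anti-CSRF token is verified here; add one together with
       * the matching hidden field in the form.
       */

      /*************DATABASE STUFF**************/
            // Make mysqli report failures through return values on every PHP
            // version, so the explicit checks below decide what the user sees.
            mysqli_report(MYSQLI_REPORT_OFF);

            // NOTE(review): connects as MySQL root with an empty password that is
            // hard-coded in the page. Use a dedicated least-privilege account
            // (INSERT on `users` is all this handler needs) and load its
            // credentials from configuration kept outside the web root.
            $username = 'root';
            $pw = '';
            $con = mysqli_connect("localhost", $username, $pw, 'milestone');

            if (mysqli_connect_errno())
            {
                // Keep driver details in the server log; they are not shown to the browser.
                error_log("Failed to connect to MySQL: " . mysqli_connect_error());
                echo "Failed to connect to the database.";
                $con = false;
            }

             //set time to the central time zone
            if ( !date_default_timezone_set ( 'America/Chicago' ) )
            {
                echo "could not set time zone!";
            }

            // Today's date as Y-m-d; not used further in this file.
            $date = new DateTime();
            $datetime_string = date_format($date, 'Y-m-d');

        /*****************************************/

    if (isset($_POST['addUser']))
    {
        // Read every expected field once. A missing field, or one submitted as
        // an array, is treated as empty so the checks below always see strings.
        $fields = array('firstname', 'lastname', 'username', 'phoneNumber',
                        'email', 'password', 'confirmPassword', 'isAdmin');
        $input = array();
        foreach ($fields as $field)
        {
            $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        }

        // Set to 1 by any failed check; the INSERT runs only while it is still 0.
        $flag = 0;

        // The form marks first name as required, so it is checked like the rest.
        if ($input['firstname'] === "")
        {
            echo "<font color = 'red'>You did not enter a first name.</font> <br>";
            $flag = 1;
        }

        if ($input['lastname'] === "")
        {
            echo "<font color = 'red'>You did not enter a last name.</font> <br>";
            $flag = 1; // previously only printed the message and still inserted
        }

        // Phone numbers must be entered without dashes; a dash is rejected, not stripped.
        $phoneNumber = $input['phoneNumber'];
        if ($phoneNumber !== "")
        {
            if (strpos($phoneNumber, "-") !== false)
            {
                echo "<font color = 'red'>Enter the phone number without dashes. Ex: 9724443352 </font><br>";
                $flag = 1; // previously only printed the message and still inserted
            }
        }
        else
        {
            echo "<font color = 'red'>You did not enter a phone number.</font><br>";
            $flag = 1;
        }

        if ($input['password'] !== "" && $input['confirmPassword'] !== "")
        {
            // Strict comparison: with != PHP compares numeric-looking strings as
            // numbers, so two different passwords could be accepted as equal.
            if ($input['password'] !== $input['confirmPassword'])
            {
                echo "<font color = 'red'>Confirmed password does not match</font><br>";
                $flag = 1;
            }
        }
        else
        {
            echo "<font color = 'red'>You did not confirm the password.</font><br>";
            $flag = 1;
        }

        if ($input['username'] === "")
        {
            echo "<font color = 'red'>You did not enter a username. </font><br>";
            $flag = 1;
        }

        if ($input['email'] === "")
        {
            echo "<font color = 'red'>You did not enter an email.</font><br>";
            $flag = 1;
        }

        // Fail closed: only the exact value "yes" grants admin. Before, any
        // value other than "no" (including a missing field) produced an admin.
        $isAdmin = ($input['isAdmin'] === "yes") ? 1 : 0;

        if ($flag == 0 && $con)
        {
            // NOTE(review): the password is stored exactly as submitted
            // (plaintext). It should be stored as password_hash($password,
            // PASSWORD_DEFAULT) and checked with password_verify() at login.
            // Left unchanged here because the code that reads this column is not
            // visible and has to change in the same commit; the column must also
            // be wide enough to hold the hash.
            $newUsername = $input['username'];
            $firstName   = $input['firstname'];
            $lastName    = $input['lastname'];
            $email       = $input['email'];
            $password    = $input['password'];

            // Placeholders keep the posted values out of the SQL text, so quotes
            // in a field can no longer change the statement.
            $queryString = "INSERT INTO users (username, FirstName, LastName, Phone, email, Password, isAdmin) VALUES (?, ?, ?, ?, ?, ?, ?)";
            $result = false;
            $stmt = mysqli_prepare($con, $queryString);
            if ($stmt)
            {
                mysqli_stmt_bind_param($stmt, 'ssssssi', $newUsername, $firstName, $lastName,
                                       $phoneNumber, $email, $password, $isAdmin);
                $result = mysqli_stmt_execute($stmt); // FALSE if the insert fails
                if (!$result)
                {
                    error_log("Add user failed: " . mysqli_stmt_error($stmt));
                }
                mysqli_stmt_close($stmt);
            }
            else
            {
                error_log("Add user failed: " . mysqli_error($con));
            }

            if (!$result)
            {
                // Generic message for the browser; details are in the server log.
                echo "<font color = 'red'>The user could not be added.</font><br>";
            }
        }
    }
    ?>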
    </body>
</html>